header-logo
Suggest Exploit
vendor:
RaQ Series
by:
SecurityFocus
7.5
CVSS
HIGH
Cross-Site Scripting
79
CWE
Product Name: RaQ Series
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2002-0674
CPE: o:cobalt:raq_series
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Unknown
2002

Cross-Site Scripting

A vulnerability exists in the message.cgi script used by Cobalt RaQ appliances which could allow an attacker to inject malicious JavaScript code into the application. This code could be used to steal authentication information from users of the application.

Mitigation:

The vendor has released a patch to address this issue.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8757/info

A problem with message.cgi script used by Cobalt RaQ appliances could lead to cross-site scripting. This could result in attacks attempting to steal authentication information. 

http://wwww.example.com:81/cgi-bin/.cobalt/message/message.cgi?info=%3Cscript%3Ealert%28%27XSS%27%29%3B%3C/script%3E

Navigation

Suggest Exploit

Services By CQR